Skip to main content

Geodendag! 

I would like to be able to use OpenVPN protocol to IPv4 endpoint suing my mobile subscription. It doesn't work unfortunately with KPN due to “all IPv6” in your network, while it perfectly works on VF/Ziggo. 

Hello @Vladimir Niiazov 

 

Normally you should get IPv4 and IPv6.

You can try if changing the APN to portalmmm.nl (normally it is internet) works, that one only uses IPv4.


Geodendag! 

I would like to be able to use OpenVPN protocol to IPv4 endpoint suing my mobile subscription. It doesn't work unfortunately with KPN due to “all IPv6” in your network, while it perfectly works on VF/Ziggo. 

Dank je wel, dit nieuwe APN werkt 


Good to know that there is a workaround to get a IPv4 address, but it would be good to know the limitations of such a IPv6 only connection. As far I know, there is a NAT64 in between where the IPv4 address is packed in the lower 32 bits of the IPv6 address. The gateway translates the IPv6 to IPv4 and back.  But is this only for web browsing and so on with TCP connections? OpenVPN is in the standard configuration an UDP connection, so the gateway should properly track the connection to direct the return packets the right way.  The same apply’s to other VPNs like IPsec and the popular Wireguard.

 

Or is the problem that you cannot use VPN profiles specifying VPN server’s IPv4 address?  But should it work if the VPN server is specified by it’s domain name, where the DNS system translates the IPv4 address to the IPv6 mapped variant?

 

 

 


Good to know that there is a workaround to get a IPv4 address, but it would be good to know the limitations of such a IPv6 only connection. As far I know, there is a NAT64 in between where the IPv4 address is packed in the lower 32 bits of the IPv6 address. The gateway translates the IPv6 to IPv4 and back.  But is this only for web browsing and so on with TCP connections? OpenVPN is in the standard configuration an UDP connection, so the gateway should properly track the connection to direct the return packets the right way.  The same apply’s to other VPNs like IPsec and the popular Wireguard.

 

Or is the problem that you cannot use VPN profiles specifying VPN server’s IPv4 address?  But should it work if the VPN server is specified by it’s domain name, where the DNS system translates the IPv4 address to the IPv6 mapped variant?

 

 

 

In my case it was indeed an IPv4 address specifying VPN server. For underlay end-point on my iPhone I had only IPv6 address.


I checked it with an own OpenVPN server. If the IPv4-only VPN server is registered in DNS and accessed by domain name, it gets an IPv6 address “64:ff9b::aabb:ccdd”, where aa,bb,cc and dd are the 4 numbers in the IPv4 address in hexadecimal format. The OpenVPN connection works, at least with a short test, so the NAT64 does it’s job properly.

So the workarounds are change of APN, or, if the input field allows, enter the IPv6 mapped IPv4 address, but probably the most user-friendly option is that VPN providers or sysadmins make their VPN accessible via DNS instead of IPv4 address.  

 

 

 

 

 

 


Reageer